package cms.simmytech.config;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;

public class KaptchaAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

	// SESSION 关于 验证码
	private static final String VRIFYCODE = "vrifyCode";

	// 拦截请求地址
	private String servletPath;

	Log log = LogFactory.getLog(KaptchaAuthenticationFilter.class);

	public KaptchaAuthenticationFilter(String servletPath, String failureUrl) {
		super(servletPath);
		this.servletPath = servletPath;
		setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler(failureUrl));
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		// TODO Auto-generated method stub
		HttpServletRequest req = (HttpServletRequest) request;
		HttpServletResponse res = (HttpServletResponse) response;
		if ("POST".equalsIgnoreCase(req.getMethod()) && servletPath.equals(req.getServletPath())) {
			String expect = (String) req.getSession().getAttribute(VRIFYCODE);
			if (expect != null && !expect.equalsIgnoreCase(req.getParameter(VRIFYCODE))) {
				unsuccessfulAuthentication(req, res, new InsufficientAuthenticationException("输入的验证码不正确"));
				return;
			}
		}
		chain.doFilter(req, res);
	}

	@Override
	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
	        throws AuthenticationException, IOException, ServletException {
		// TODO Auto-generated method stub
		return null;
	}
}
